Integrity walls: finding attack surfaces from mandatory access control policies

Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ... Pub Date : 2012-05-02 DOI:10.1145/2414456.2414500

H. Vijayakumar, Guruprasad Jakka, S. Rueda, Joshua Schiffman, T. Jaeger

{"title":"Integrity walls: finding attack surfaces from mandatory access control policies","authors":"H. Vijayakumar, Guruprasad Jakka, S. Rueda, Joshua Schiffman, T. Jaeger","doi":"10.1145/2414456.2414500","DOIUrl":null,"url":null,"abstract":"Protecting host system integrity in the face of determined adversaries remains a major problem. Despite advances in program development and access control, attackers continue to compromise systems forcing security practitioners to regularly react to such breaches. While security practitioners may eventually learn which entry points in programs must be defended over a software's lifetime, new software and configuration options are frequently introduced, opening additional vulnerabilities to adversaries. The application developers' problem is to identify the program entry points accessible to adversaries and provide necessary defenses at these entry points before the adversaries use these to compromise the program. Unfortunately, this is a race that developers often lose. While some program vulnerable entry points are well-known (mostly network), the complexity of host systems makes it difficult to prevent local exploits should attackers gain control of any unprivileged processing. The question we explore in this paper is whether the program entry points accessible to adversaries can be found proactively, so defenses at these entry points can also be developed proactively.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"44","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2414456.2414500","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 44

Abstract

Protecting host system integrity in the face of determined adversaries remains a major problem. Despite advances in program development and access control, attackers continue to compromise systems forcing security practitioners to regularly react to such breaches. While security practitioners may eventually learn which entry points in programs must be defended over a software's lifetime, new software and configuration options are frequently introduced, opening additional vulnerabilities to adversaries. The application developers' problem is to identify the program entry points accessible to adversaries and provide necessary defenses at these entry points before the adversaries use these to compromise the program. Unfortunately, this is a race that developers often lose. While some program vulnerable entry points are well-known (mostly network), the complexity of host systems makes it difficult to prevent local exploits should attackers gain control of any unprivileged processing. The question we explore in this paper is whether the program entry points accessible to adversaries can be found proactively, so defenses at these entry points can also be developed proactively.

查看原文本刊更多论文

完整性墙:从强制访问控制策略中查找攻击面

在面对确定的对手时保护主机系统的完整性仍然是一个主要问题。尽管在程序开发和访问控制方面取得了进展，但攻击者继续危害系统，迫使安全从业人员定期对此类破坏作出反应。虽然安全从业人员可能最终会了解在软件的生命周期内必须保护程序中的哪些入口点，但经常会引入新的软件和配置选项，从而为对手打开额外的漏洞。应用程序开发人员的问题是确定攻击者可以访问的程序入口点，并在攻击者使用这些入口点危害程序之前在这些入口点提供必要的防御。不幸的是，这是一场开发者经常输掉的竞赛。虽然一些程序易受攻击的入口点是众所周知的(主要是网络)，但如果攻击者获得对任何非特权处理的控制，主机系统的复杂性使得很难阻止本地漏洞利用。我们在本文中探讨的问题是，是否可以主动发现攻击者可以访问的程序入口点，因此这些入口点的防御也可以主动开发。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...

自引率

0.00%

发文量